My guess is that they probably felt it was off-topic or fit better in Super User. Personally, I disagree and think it fits fine here and is a good question for someone new to how file permissions work, which certainly has a security implication, so I voted the question up.
– AJ Henderson, Feb 5 '13 at 14:20

3 Answers

If stolen and mounted in another host, all permissions are compromised: everybody could be root on his own host and mount the hard drive (maybe externally, by a USB-SATA changer) with all needed rights. For this condition, (strong) encryption is the only way.

About cross-OS use, if the drive stays mounted in a Un*x-like OS and serves its files through a sharing server, like Samba, ftpd, netatalk or others, permissions are used by the server itself and could be respected by all clients. There is no need for local encryption if server access is correctly secured.

About the domain controller, Samba does wrap Windows user rights to the Un*x filesystem's ACLs, so all works fine locally and remotely.

@Akam - I wouldn't say the answer is No; I would say it's "it depends" on the exact details of what actually happens. Which is the reason disk-level encryption should be used if you're worried about something like this happening.
– Ramhound, Feb 6 '13 at 13:21

Permissions are defined by the operating system. If you bypass the operating system, permissions are irrelevant.

You can't have access control (permissions) without authentication (determining whether the person requesting access is authorized). For example, to enforce that a file is accessible to root only, you need to determine whether the user is root. This determination is only meaningful within the context of the original operating system.

To have access control that's inherent to a storage media, you need a form of authentication that is external to the media. To protect data on a disk outside the context of the system it's connected to, your access control cannot rely on any information that's on the disk. For example, you can physically restrict who has access to the disk. If you assume that this form of access control can be violated (a stolen disk), you need something else. Access control via cryptography relies on two things: mathematics, which is immanent and cannot be bypassed¹, and the knowledge of some secret (password or key). So you can have access control using cryptography that doesn't depend on the media being used in a particular system, and in particular keeps working if the disk is stolen.

To keep files confidential in this scenario, encrypt them. An attacker with a stolen disk can make brute force attacks limited only by how many processors he devotes to the task (the disk speed isn't a limiting factor, because the thief can make as many copies as he likes of the encrypted data). Therefore, be sure to use a strong password that the attacker won't easily find by repeated (automated) guesses. With proper software, you can reduce the number of guesses to a handful per second per CPU.

If you give access to the Linux system from a Windows system via a network protocol, it's a different story. What access will be granted depends on the settings of all the systems involved: the system containing the disk, the system where the user is, and the system containing the authentication data (e.g. a domain controller) if that's a different system.

¹ Barring major mathematical discoveries, but you can safely assume that won't happen. Cryptography (if done right, which is hard) is more robust in this respect than, say, armed guards (who can be bribed or recruited).
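To make the point above concrete, here is an added example (not code from any of the answers) that models the Unix mode-bit check the way a kernel performs it. The on-disk "tag" (mode, uid, gid) is fixed; the only thing that changes between hosts is who the kernel says the caller is, and that is enough to turn a denied access into a granted one. The uids, file name and host scenarios are constructed for the illustration.

```python
import stat

# Simplified model of the Unix discretionary access check (the logic behind
# Linux's generic_permission). Added for illustration; not the page's code.
MAY_READ, MAY_WRITE, MAY_EXEC = 4, 2, 1

def unix_permission(mode, file_uid, file_gid, req_uid, req_gids, want):
    """True if a process running as (req_uid, req_gids) may perform `want`
    (bitmask of MAY_*) on a file whose on-disk tag is (mode, file_uid, file_gid).
    Nothing here consults the disk to find out who the caller *really* is:
    the identity comes entirely from the host kernel that mounted the disk."""
    if req_uid == 0:
        # root bypasses read/write; exec still needs some x bit (or a directory)
        return not (want & MAY_EXEC) or bool(mode & 0o111) or stat.S_ISDIR(mode)
    if req_uid == file_uid:
        bits = (mode >> 6) & 7   # owner triplet
    elif file_gid in req_gids:
        bits = (mode >> 3) & 7   # group triplet
    else:
        bits = mode & 7          # other triplet
    return (bits & want) == want

# Constructed on-disk tag for ~alice/secret.txt: mode 0600, owned by uid/gid 1000
SECRET = dict(mode=stat.S_IFREG | 0o600, file_uid=1000, file_gid=1000)

def on_original_host():
    """Original OS: alice is uid 1000, bob is uid 1001 (both hypothetical)."""
    return {
        "alice": unix_permission(**SECRET, req_uid=1000, req_gids={1000}, want=MAY_READ),
        "bob":   unix_permission(**SECRET, req_uid=1001, req_gids={1001}, want=MAY_READ),
    }

def on_thief_host():
    """Same disk mounted elsewhere: the thief is root on his own machine, or
    simply creates a local account that happens to have uid 1000. The tag on
    the disk cannot tell the difference, so both get in."""
    return {
        "root":       unix_permission(**SECRET, req_uid=0, req_gids={0}, want=MAY_READ | MAY_WRITE),
        "fake_alice": unix_permission(**SECRET, req_uid=1000, req_gids={1000}, want=MAY_READ),
    }

if __name__ == "__main__":
    print(on_original_host())   # {'alice': True, 'bob': False}
    print(on_thief_host())      # {'root': True, 'fake_alice': True}
```

The check never fails on the thief's host because the uid comparison is the whole of the authentication; only a key the disk does not contain (encryption) changes that outcome.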

File "permissions" are not intrinsic. File permissions are a tag attached to the file, stating: "please, whoever has the power to physically grant or deny access to the file, do it under these conditions". The operating system itself is supposed to honour the requests. If the operating system wants to ignore the file permissions, then the file permissions would be thoroughly ignored.

It is like a club with a bouncer. The bouncer decides who comes in and who stays out. But nobody can prevent the bouncer himself from entering and exiting as he sees fit.

Encryption changes the model by making access conditional on knowledge of a specific secret. This is no longer a matter of permissions: not knowing the key is equivalent to not having the disk. In the club analogy: consider an amnesiac bouncer. If the bouncer does not remember where the club actually is, he won't be able to grant or deny access to anybody, including himself.

Even if we are talking about the same operating system, say the same version of Ubuntu, it's possible for somebody to alter the source and compile and install a version of Ubuntu that ignores ALL file permissions. Likewise, once an HDD is connected to Windows, you can take ownership of every single file and folder on the drive through a very simple recursive command.
– Ramhound, Feb 6 '13 at 13:23